There are some request violations that Apache will handle internally, prior to the
ModSecurity phase:1 POST-READ-REQUEST hook. For these requests, we can still get
visibility by running a check in phase:5 logging to look for the Apache error msg.

Example Payload

Here is an example payloads taken from the access_log:

127.0.0.1 - - [06/May/2011:11:22:24 -0400] "\tGET / HTTP/1.1" 400 226

Example Audit Log Entry

Include an example ModSecurity Audit Log Entry for when this rule matchs.